[sca] Add AES fixed-vs-random Data capture mode #20821

Merged
merged 4 commits into from
Feb 8, 2024


@vrozic vrozic commented Jan 12, 2024

  1. The first commit modifies aes-fvsr-key-batch capture to be consistent with other captures and to update outdated comments.
  2. The second commit modifies LFSR functions to enable running multiple LFSRs.
  3. The third commit enables AES serial fixed-vs-random data capture.
  4. The last commit does the same for uJSON.

@vrozic vrozic force-pushed the aes-fvsr-data branch 2 times, most recently from 38191bd to 6262a0f Compare January 12, 2024 17:46
vrozic added a commit to vrozic/ot-sca that referenced this pull request Jan 22, 2024
New binaries generated from
lowRISC/opentitan#20821

Signed-off-by: Vladimir Rozic <[email protected]>
@vrozic vrozic changed the title [sca] Add fvsr Data mode to aes_serial [sca] Add AES fixed-vs-random Data capture mode Jan 22, 2024
@vrozic vrozic marked this pull request as ready for review January 22, 2024 12:10
@vrozic vrozic requested a review from a team as a code owner January 22, 2024 12:10
@vrozic vrozic requested review from jadephilipoom, nasahlpa and vogelpi and removed request for a team and jadephilipoom January 22, 2024 12:10
vrozic added a commit to vrozic/ot-sca that referenced this pull request Jan 23, 2024
Binaries are generated from
lowRISC/opentitan#20821

Signed-off-by: Vladimir Rozic <[email protected]>

@vogelpi vogelpi left a comment


Thanks @vrozic for working on this. I have some questions regarding the additional PRNG and the storing of the key (fixed and equal for both sets).

vogelpi commented Jan 23, 2024

Note that so far I've reviewed the simpleserial side only. Let's first iterate on this and then carry the final changes over to the uJSON implementation. At this point, it will be good if also @nasahlpa can review.

@vrozic vrozic force-pushed the aes-fvsr-data branch 2 times, most recently from c1e6194 to e1133c7 Compare January 29, 2024 13:17
@vogelpi vogelpi left a comment


Thanks for making these changes and explaining the need for the LFSR context. The simple_serial implementation looks good to me now modulo one question regarding reseeding the second LFSR.

Comment on lines +700 to +716
// Initial state of the prng
static const uint32_t kPrngInitialState = 0x99999999;

It would be great if this initial state could be provided via simpleserial. Because right now it's fixed at compile time. As this PR already alters the command, you could easily also add a second uint32 value with the LFSR seed. Do you think this would be feasible?

Contributor Author

I've now added a separate command aes_serial_seed_lfsr_order to re-seed the second LFSR.
This way, it's easier to handle from the ot-sca side. The user just needs to run this command after aes_serial_set_default_values and before aes_serial_fvsr_data_batch_encrypt.

I've also kept the default value of 0x99999999 in case that the user doesn't want to use this feature.


@nasahlpa nasahlpa left a comment


Thanks @vrozic, I had a look into the uJSON code only - that looks good.
As we need to use the sival branch to build uJSON SCA-binaries, could you please add the CherryPick:earlgrey_es_sival label to this PR? This ensures that this PR also gets merged into the sival branch.

Support for the new uJSON command is not yet implemented on the ot-sca side? Just let me know if I can support you there, it would be good to keep host and device side functionality as close together as possible.

@vrozic vrozic force-pushed the aes-fvsr-data branch 2 times, most recently from 5e9dcc7 to b934388 Compare February 2, 2024 12:07
@vrozic vrozic added the CherryPick:master This PR should be cherry-picked to master label Feb 2, 2024
@nasahlpa nasahlpa added CherryPick:earlgrey_es_sival This PR should be cherry-picked to earlgrey_es_sival and removed CherryPick:master This PR should be cherry-picked to master labels Feb 2, 2024
vrozic added a commit to vrozic/ot-sca that referenced this pull request Feb 2, 2024
Binaries are updated to support aes-fvsr-data capture.
These binaries are generated from:
    https://github.com/vrozic/opentitan/tree/make-binaries-aes-data

This branch is created by checking out:
    https://github.com/lowRISC/opentitan/tree/earlgrey_es_sival
and cherry-picking commits from OpenTitan PR #20821:
    lowRISC/opentitan#20821

Signed-off-by: Vladimir Rozic <[email protected]>
vrozic commented Feb 2, 2024

Thanks @vogelpi and @nasahlpa for the reviews. I've made the required changes.

Thanks @nasahlpa for explaining to me how to generate the binaries with the new process.
I've updated ot-sca PR 295 with the new binaries. Both serial and uJSON captures work on my local CW310 setup.

This commit amends AES fixed-vs-random key dataset capture:
1. Updates the outdated description of the PRNG used for data
   generation
2. Acknowledges command in aes_serial capture method. This change
   improves the stability of measurements.
3. Returns the full 16B ciphertext of the last encryption in the
   batch. This is changed from only sending the last 4 bytes.
   This change makes it consistent with other batch measurements,
   making the code easier to maintain.

Signed-off-by: Vladimir Rozic <[email protected]>
At the moment, a 32-bit SW LFSR is used for masking data shares
sent from IBEX to crypto-blocks (AES, KMAC, SHA3).
This commit adds a new context to this PRNG so that it can be used
for multiple purposes. This is needed to set the stage for
implementing aes-fvsr-data capture which makes use of this LFSR
to determine the order of measurements.
This commit also amends all files that make use of the lfsr
functions.

Signed-off-by: Vladimir Rozic <[email protected]>
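
The multi-context LFSR and the re-seedable order stream described in the commit message and review thread above, as an added example that is not code from this PR or the OpenTitan tree. The context names, the tap polynomial, the one-bit-per-trace selection and the host-side replay are assumptions for illustration; only the default seed 0x99999999 comes from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical context IDs: one stream for masking, one for capture order. */
typedef enum { kLfsrMasking = 0, kLfsrOrder = 1, kLfsrNumCtx } lfsr_ctx_t;

/* Default order seed quoted in the review thread. */
static const uint32_t kPrngInitialState = 0x99999999;
/* Assumed Galois taps (x^32 + x^22 + x^2 + x + 1); not taken from the PR. */
static const uint32_t kLfsrTaps = 0x80200003u;

/* Per-context state; the masking seed here is a constructed sample value. */
static uint32_t lfsr_state[kLfsrNumCtx] = {0xdeadbeefu, 0x99999999u};

/* Re-seed one context. An all-zero state never leaves zero, so replace it. */
void lfsr_seed(lfsr_ctx_t ctx, uint32_t seed) {
  lfsr_state[ctx] = seed ? seed : kPrngInitialState;
}

/* Advance one context by `steps` shifts and return its new state. */
uint32_t lfsr_next(lfsr_ctx_t ctx, size_t steps) {
  uint32_t s = lfsr_state[ctx];
  for (size_t i = 0; i < steps; ++i) {
    s = (s >> 1) ^ ((s & 1u) ? kLfsrTaps : 0u);
  }
  return lfsr_state[ctx] = s;
}

/* One order bit per trace selects the fixed (true) or random (false) set. */
size_t fvsr_plan_batch(bool *is_fixed, size_t n) {
  size_t fixed = 0;
  for (size_t i = 0; i < n; ++i) {
    is_fixed[i] = (lfsr_next(kLfsrOrder, 1) & 1u) != 0;
    fixed += is_fixed[i];
  }
  return fixed;
}

/* Host-side check: re-seed, regenerate the plan, compare with the device's. */
bool fvsr_replay_matches(uint32_t seed, const bool *device_plan, size_t n) {
  bool host_plan[64];
  if (n > 64) return false;
  lfsr_seed(kLfsrOrder, seed);
  fvsr_plan_batch(host_plan, n);
  for (size_t i = 0; i < n; ++i)
    if (host_plan[i] != device_plan[i]) return false;
  return true;
}
```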

@vogelpi vogelpi left a comment


LGTM!

@vogelpi vogelpi merged commit 8618394 into lowRISC:master Feb 8, 2024
32 checks passed

github-actions bot commented Feb 8, 2024

Successfully created backport PR for earlgrey_es_sival:

nasahlpa added a commit to nasahlpa/ot-sca that referenced this pull request May 9, 2024
Binaries are updated to support aes-fvsr-data capture.
The simpleserial binaries are generated from:
    https://github.com/vrozic/opentitan/tree/make-binaries-aes-data

This branch is created by checking out:
    https://github.com/lowRISC/opentitan/tree/earlgrey_es_sival
and cherry-picking commits from OpenTitan PR #20821:
    lowRISC/opentitan#20821

The uJSON binary was created from lowRISC/opentitan@ecd6e47

Signed-off-by: Vladimir Rozic <[email protected]>
nasahlpa added a commit to lowRISC/ot-sca that referenced this pull request May 9, 2024
Binaries are updated to support aes-fvsr-data capture.
The simpleserial binaries are generated from:
    https://github.com/vrozic/opentitan/tree/make-binaries-aes-data

This branch is created by checking out:
    https://github.com/lowRISC/opentitan/tree/earlgrey_es_sival
and cherry-picking commits from OpenTitan PR #20821:
    lowRISC/opentitan#20821

The uJSON binary was created from lowRISC/opentitan@ecd6e47

Signed-off-by: Pascal Nasahl <[email protected]>